Overview

overview

8

Static

static

f7307b7719...16.exe

windows7_x64

8

f7307b7719...16.exe

windows10_x64

8

Analysis

  • max time kernel
    130s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    13-05-2021 12:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f7307b77198e6af1014129704ac6792ad5705bdd25a1fcd44a1df1ef0953c216.exe

  • Size

    416KB

  • MD5

    438b768038e93e36d90dd1fd034a652b

  • SHA1

    aa773322156ac6a74245bfbd0620769726eceafc

  • SHA256

    f7307b77198e6af1014129704ac6792ad5705bdd25a1fcd44a1df1ef0953c216

  • SHA512

    27d0d71518e71377830f317c5c830587adad717bfdcf89299c71b671776c27de9ca603696fe606d5b87f003f336320c4de096faa2aea7cc8ef124d89d7bb36ec

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f7307b77198e6af1014129704ac6792ad5705bdd25a1fcd44a1df1ef0953c216.exe
    "C:\Users\Admin\AppData\Local\Temp\f7307b77198e6af1014129704ac6792ad5705bdd25a1fcd44a1df1ef0953c216.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    PID:2040
  • C:\Program Files (x86)\Bfjfjbz.pif
    "C:\Program Files (x86)\Bfjfjbz.pif"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Program Files (x86)\Bfjfjbz.pif
      "C:\Program Files (x86)\Bfjfjbz.pif" Win7
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Bfjfjbz.pif
    MD5

    438b768038e93e36d90dd1fd034a652b

    SHA1

    aa773322156ac6a74245bfbd0620769726eceafc

    SHA256

    f7307b77198e6af1014129704ac6792ad5705bdd25a1fcd44a1df1ef0953c216

    SHA512

    27d0d71518e71377830f317c5c830587adad717bfdcf89299c71b671776c27de9ca603696fe606d5b87f003f336320c4de096faa2aea7cc8ef124d89d7bb36ec

    Download Submit
  • C:\Program Files (x86)\Bfjfjbz.pif
    MD5

    438b768038e93e36d90dd1fd034a652b

    SHA1

    aa773322156ac6a74245bfbd0620769726eceafc

    SHA256

    f7307b77198e6af1014129704ac6792ad5705bdd25a1fcd44a1df1ef0953c216

    SHA512

    27d0d71518e71377830f317c5c830587adad717bfdcf89299c71b671776c27de9ca603696fe606d5b87f003f336320c4de096faa2aea7cc8ef124d89d7bb36ec

    Download Submit
  • C:\Program Files (x86)\Bfjfjbz.pif
    MD5

    438b768038e93e36d90dd1fd034a652b

    SHA1

    aa773322156ac6a74245bfbd0620769726eceafc

    SHA256

    f7307b77198e6af1014129704ac6792ad5705bdd25a1fcd44a1df1ef0953c216

    SHA512

    27d0d71518e71377830f317c5c830587adad717bfdcf89299c71b671776c27de9ca603696fe606d5b87f003f336320c4de096faa2aea7cc8ef124d89d7bb36ec

    Download Submit
  • memory/1068-67-0x0000000000000000-mapping.dmp
    Download
  • memory/2040-59-0x0000000076281000-0x0000000076283000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2040-60-0x0000000010000000-0x0000000010010000-memory.dmp
    Filesize

    64KB

    Download